diff --git a/configs/docker.nix b/configs/docker.nix
index 55d80bb..500dbc1 100644
--- a/configs/docker.nix
+++ b/configs/docker.nix
@@ -12,6 +12,8 @@
     };
   };
 
+  users.extraGroups.docker.members = ["alex"];
+
   environment = {
     systemPackages = with pkgs; [
       docker-compose
diff --git a/configs/user.nix b/configs/user.nix
index 922b156..2bc0336 100644
--- a/configs/user.nix
+++ b/configs/user.nix
@@ -37,7 +37,6 @@ in {
       hashedPasswordFile = config.sops.secrets.hashedPassword.path;
       extraGroups = [
         "wheel"
-        "docker"
         "networkmanager"
         "lp"
         "nginx"
diff --git a/machine/mini/configuration.nix b/machine/mini/configuration.nix
index f5cf720..326e6fa 100644
--- a/machine/mini/configuration.nix
+++ b/machine/mini/configuration.nix
@@ -14,7 +14,7 @@
   ];
 
   sops = {
-    defaultSopsFile = ../../secrets-mini.yaml;
+    defaultSopsFile = ../../secrets/secrets-mini.yaml;
   };
 
   boot = {
@@ -95,27 +95,10 @@
         "/persist/borg"
       ];
     };
-  };
 
-  virtualisation = {
-    libvirtd = {
-      enable = true;
-      qemu = {
-        package = pkgs.qemu_kvm;
-        swtpm.enable = true;
-        ovmf = {
-          enable = true;
-          packages = [
-            (pkgs.OVMF.override {
-              secureBoot = true;
-              tpmSupport = true;
-            })
-            .fd
-          ];
-        };
-      };
+    locate = {
+      prunePaths = [ "/mnt" "/nix" ];
     };
-    spiceUSBRedirection.enable = true;
   };
 
   powerManagement = {